RE: [PHP] crypt salt question
I figured out finally:)
Actually the random salt is always the first 2 character of the encryoted
password,
so this works fine now :
Thanks,
Andras
-Original Message-
From: Satyam [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 30, 2007 3:00 PM
To: Andras Kende; php-general@lists.php.net
Subject: Re: [PHP] crypt salt question
No chance. Unless you have the salt stored along each password, your
passwords are as good as random texts
Satyam
- Original Message -
From: "Andras Kende" <[EMAIL PROTECTED]>
To:
Sent: Thursday, August 30, 2007 11:42 PM
Subject: [PHP] crypt salt question
> Hello,
>
>
>
> I'm trying to move some app from postgresql to mysql but unable to find
> out
> how to authenticate
>
> against the current crypted passwords with php..
>
>
>
> insert to database:
>
>
>
> $cset =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
> $salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1);
> $password = crypt($password, $salt); //pass crypted version of password
> for further processing
>
>
>
> $result = pg_query ("INSERT INTO users (username, password) VALUES
> ('$username', '$password')");
>
>
>
> I read the crypt is one way encryption but how to compare the password
> entered with the encrypted
>
> version if don't know the salt ??
>
>
>
>
>
> Thanks,
>
>
>
> Andras
>
>
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.484 / Virus Database: 269.12.12/979 - Release Date: 29/08/2007
20:21
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] crypt salt question
No, I'm sorry, I spoke out that thought to early!! At the university we used
a PG_SQL database to store the passwords, and used the LDAP tree with all
the user information and stuff to store the salt as well!
How do your scripts operate on that with the PG_SQL database before
migrating to mysql ...
Greets,
Jan
-Original Message-
From: Jan Reiter [mailto:[EMAIL PROTECTED]
Sent: Friday, August 31, 2007 12:07 AM
To: 'Andras Kende'; PHP Mailing List
Subject: RE: [PHP] crypt salt question
Hi!
How did you do the comparison with the PG_SQL database?? I believe there is
a UNIX function, able to retrieve the salt from a crypt string, or one that
can do the comparison, without a slat given. But I'm not quite sure. I'm
gonna investigate that. But how did you compare passwords before, when using
a time based "random" salt? I understand you use the CRYPT_STD_DES method
...
Greets,
Jan
-Original Message-
From: Andras Kende [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 30, 2007 11:42 PM
To: php-general@lists.php.net
Subject: [PHP] crypt salt question
Hello,
I'm trying to move some app from postgresql to mysql but unable to find out
how to authenticate
against the current crypted passwords with php..
insert to database:
$cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
$salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1);
$password = crypt($password, $salt); //pass crypted version of password
for further processing
$result = pg_query ("INSERT INTO users (username, password) VALUES
('$username', '$password')");
I read the crypt is one way encryption but how to compare the password
entered with the encrypted
version if don't know the salt ??
Thanks,
Andras
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] crypt salt question
Hi!
How did you do the comparison with the PG_SQL database?? I believe there is
a UNIX function, able to retrieve the salt from a crypt string, or one that
can do the comparison, without a slat given. But I'm not quite sure. I'm
gonna investigate that. But how did you compare passwords before, when using
a time based "random" salt? I understand you use the CRYPT_STD_DES method
...
Greets,
Jan
-Original Message-
From: Andras Kende [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 30, 2007 11:42 PM
To: php-general@lists.php.net
Subject: [PHP] crypt salt question
Hello,
I'm trying to move some app from postgresql to mysql but unable to find out
how to authenticate
against the current crypted passwords with php..
insert to database:
$cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
$salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1);
$password = crypt($password, $salt); //pass crypted version of password
for further processing
$result = pg_query ("INSERT INTO users (username, password) VALUES
('$username', '$password')");
I read the crypt is one way encryption but how to compare the password
entered with the encrypted
version if don't know the salt ??
Thanks,
Andras
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] crypt salt question
No chance. Unless you have the salt stored along each password, your
passwords are as good as random texts
Satyam
- Original Message -
From: "Andras Kende" <[EMAIL PROTECTED]>
To:
Sent: Thursday, August 30, 2007 11:42 PM
Subject: [PHP] crypt salt question
Hello,
I'm trying to move some app from postgresql to mysql but unable to find
out
how to authenticate
against the current crypted passwords with php..
insert to database:
$cset =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
$salt = substr($cset, time() & 63, 1) . substr($cset, time()/64 & 63, 1);
$password = crypt($password, $salt); //pass crypted version of password
for further processing
$result = pg_query ("INSERT INTO users (username, password) VALUES
('$username', '$password')");
I read the crypt is one way encryption but how to compare the password
entered with the encrypted
version if don't know the salt ??
Thanks,
Andras
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.484 / Virus Database: 269.12.12/979 - Release Date: 29/08/2007
20:21
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
